Reaper "baby" botnet is still growing

Netlab experts say the botnet is in the incipient stages of development, with its operator busy adding as many devices to the fold as possible.

Exploits are added on a regular basis, while the C&C infrastructure expands to accommodate new bots.

Netlab says that it observed over two million infected devices sitting in the queue of the botnet's C&C servers, waiting to be processed. Just yesterday, a single one of the C&C servers was controlling over 10,000 bots.

Tomorrow is the one-year anniversary of the Dyn DDoS attack

The botnet was first spotted on September 13, around one year after experts first found the Mirai IoT malware. Tomorrow will be the one-year anniversary of the Dyn DDoS incident, Mirai's most impactful DDoS attack, which brought down a large portion of the Internet across North America and Europe.

Both Check Point and Netlab point out that Reaper has not launched any DDoS attack as of yet. Nonetheless, Netlab says Reaper comes with a Lua-based execution environment integrated into the malware that allows its operator to deliver modules for various tasks, such as DDoS attacks, traffic proxying, and others.

But Reaper's Lua core also comes embedded with 100 open DNS resolvers, functionality that will allow it to carry out DNS amplification attacks with ease.

Only time will tell if this botnet will ever be deployed in live attacks like Mirai, or will be a dud like Hajime.

This week, both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

Comments

"This week, both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."

Great. Now with the warnings, the threat has been averted.

Anyone want to hazard a guess as to how many that have an IoT thing, will see the warning, even know that they have IoT things, will think the warning means they are the ones to do something about it, will think there's anything they can do - except (to try), to disconnect their Internet of Things things (which if they consciously bought them as IoT things, it was for the functionality enabled by a connection to the Internet), from the Internet?